That’s how Google Chrome is planning to label HTTP pages starting January 2017.

Why is Google doing this? Because despite the many benefits of switching to HTTPS, many site owners haven’t done so.

For a while now, Google and other search engines have been on a mission to make the web more secure. Google has already taken action in this direction by announcing HTTPS as a ranking signal and indexing secure pages over unsecured pages. They’ve even published a guide on securing your website with HTTPS, which we encourage everyone to read.

On the other hand, HTTPS dominates Chrome browsing. Figures from Google’s Transparency Report show that worldwide the percentage of pages loaded over HTTPS on Chrome on all platforms has surpassed 50%, up from 40% in mid-2015. On Chrome OS the figure is 68%.

So there’s more work to be done, which explains Chrome’s action to get non-secure sites to migrate to HTTPS.

If you’re feeling intimidated by the prospect of switching to HTTPS, in this post we’ll share as much information and advice to ensure everything goes smoothly.

Why should you consider HTTPS?

If you’re working with sensitive customer information, whether that’s credit card info or login credentials, HTTPS is a good way to reassure people that your site is secure. But apart from being more secure, which is becoming vital when trying to build trust and credibility online, there are some additional reasons why you should consider moving to HTTPS.

HTTPS is a lightweight ranking signal

This means it can help your SEO game, giving your site a small boost in the search results. Read HTTPS as a ranking signal by Zineb Ait Bahajji and Gary Illyes, Webmaster Trend Analysts.

HTTPS pages load much faster than HTTP

See the HTTP vs HTTPS Test, that loads 360 non-cached images on both HTTP and HTTPS connections. So if page speed is a concern, you have one more reason to adopt the new protocol.

You get access to better referral data

HTTPS to HTTP referral data is blocked in Google Analytics. What’s more, referral traffic coming from HTTPS to HTTP is reported as Direct traffic. But with more sites migrating to HTTPS, you won’t have to worry about losing or not being able to access referral traffic.

Key things to consider when migrating from HTTP to HTTPS

There’s one key thing you should be aware of: Google treats HTTPS migrations as a site move and, as you probably know, a site move can come with some rankings issues. This means that:

You may experience a temporary fluctuation in site ranking during the move.

HTTPS sites receive a small ranking boost, but don’t expect a visible change.

Old OpenSSL versions are vulnerable, which means you’ll need to ensure you have the latest and newest versions of TLS libraries.

Gather current website URLs

Put together a list with all your current website URLs, both from your main site and any other existing subdomains. This will come in handy for when you need to check to ensure all URLs redirect correctly to HTTPS after the move.

Use a crawler to get all your URLs. We’d also suggest exporting all your URLs from Google Analytics just in case you have pages that the crawler isn’t able to find.

Before you start the process of moving to HTTPS, we recommend you do all updates on a dev area. This allows you to double-check everything before going live with HTTPS. At the same time, you’ll be able to minimise and perhaps even eliminate the impact of the HTTPS migration.

Consider improving speed

You can further optimise your website’s speed by adopting HTTP/2 which only works with HTTPS.

HTTP/2 is the latest update to the Hypertext Transfer Protocol and it’s based on Google’s SPDY protocol, which was developed to improve the speed and performance of browsing on the web. It works by making one connection to the server, then “multiplexes” multiple requests over that connection to receive multiple responses at the same time. This way the data is interwoven more efficiently on that single connection.

Change your URLs to HTTPS

Based on the CMS you’re using, there are different options:

You can use protocol relative URLs

Search and replace in the database

Use an SSL plug-in

Make sure all canonical and hreflang URLs also point to the new HTTPS location.

Find all subdomains that use your main domain as well, and ensure they’re served through HTTPS too. You can’t link to the subdomains if they’re left on HTTP as you will still have unsecure URLs on your website.

It’s better to replace http with https URLs even if you do a server-side redirect. You don’t want to load all those redirects in your pages as that will slow down your pages’ loading time.

Have a look at any plug-ins or modules that might need updated HTTPS URLs as well based on your website’s configuration.

Update internal resources to HTTPS

All your images, scripts and CSS files should also be retrieved from HTTPS locations. Ideally even external scripts and resources should be pulled from secure URLs.

You can use a tool like SSL Check to check and ensure you haven’t missed anything. However, the most reliable approach would be a full crawl of your website. We recommend combining crawlers such as Screaming Frog and Xenu so you don’t miss anything.

Create 301 redirects from HTTP to HTTPS URLs

To make sure you haven’t missed a thing, it’s better to do 301 redirects from your server’s htaccess or config file. You don’t have to create a redirect for each URL but rather use a rule that forces HTTPS. This guide from Geekflare explains how to do HTTP to HTTPS redirects on various platforms.

You should also minimise redirect chains. For example, if an old page (A) redirected to a new page (B) and the new page now redirects to https (C), you can get this redirect chain A-B-C. You can update the old page (A) to redirect to https directly (C), skipping the new http middle redirect. This way you get these redirect pairs A-C and B-C.

Update sitemaps and robots.txt files to reflect the new URL structure on HTTPS

This one should be fairly obvious, but can be overlooked. When doing your 301 redirects, make sure that anything in your robots.txt that has an http is switched to https.

Verify the new HTTPS property with Google Search Console

We also recommend doing a fetch and crawling all URLs to help Google discover your URLs faster. Now, if you’ve previously submitted a disavow file for your HTTP website, make sure to submit a copy of it in your HTTPS profile as well.

Update your Google Analytics profile with the new HTTPS URL

If you have Google Analytics, you’ll need to make sure that you’ve put in https as your default URL.

Update social and PPC URLs to the new HTTPS

Make sure you replace PPC landing pages with the HTTPs version URLs so it doesn’t affect the landing page score. To migrate social shares to the new URLs you’ll need to:

Get the HTTP version of the current page/post URL.

Pass the URL to your plugin to tell it the URL it should use rather than the one the plugin auto-generates.

Update incoming links

Ideally you should contact websites linking to you to let them know your URL is now HTTPs. This can also save them from loading a redirect on their pages and point to your new URLs. If this doesn’t work, you should at least update the incoming links you do have access to.

Update your CDN URLs if you’re using one

If you’re using a content delivery network to speed up your page loading time, such as BootstrapCDN or CloudFlare, make sure that the files you pull in are also from https connections rather than http.

Monitor everything

After going live with HTTPS, monitor everything to ensure all traffic levels are unaffected (GA), your CTR is in limits (GSC), your social accounts still work as expected and users can still like, tweet and share.

Common problems you might have

Here are the most common mistakes that happen during a HTTPS migration:

locking Google from crawling your HTTPS URLs – make sure you’re not blocking this from robots.txt or a page-level noindex tag forgotten from your testing area.

Creating duplicate content due to lack of HTTP to HTTPS permanent redirects.

Not replacing all on-page HTTP URLs with their HTTPS counterpart.

If you avoid making these mistakes and follow the recommendations in this post, your migration should be smooth with no noticeable impact on traffic or ranks. However, if you think you’ve done everything correctly but still notice issues, Moz has a great article on recovering your organic search traffic and tracking down mistakes done during a search migration.